Detecting executable code within a data entity
Abstract:
A method for protecting a computer, including: receiving a data block; discovering code within the data block that can be disassembled into machine instructions; building an execution path from the machine instructions by parsing them and following the flow of the execution path, including conditional and unconditional branches of the machine instructions; validating an incremented location by scanning the execution path for machine instructions that increment a register that stores a location on the execution path; finding a self-modifying artifact by scanning the remaining machine instructions in the execution path for an arithmetic or logic operation performed on a register that currently or previously held a location in the incremented location; finding a modified loop index by scanning the remaining machine instructions in the execution path for registers that hold a loop value that is incremented or decremented; and blocking the data block when the modified loop index is found.
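The abstract describes a detection pipeline rather than a specific implementation: disassemble whatever can be disassembled, follow the control flow through both arms of each branch, and then look for three artifacts that together characterise a self-decoding stub (a register holding a location inside the block that gets incremented, an arithmetic or logic operation on memory reached through that register, and a counter that is decremented inside a loop). The following is an added example, not the patent's own code: it implements that pipeline in Python over a deliberately tiny x86-32 decoder (inc/dec/push/pop, mov r32,imm32, call/jmp/jcc/loop, and add/sub/xor in register and immediate forms; SIB and disp32-only addressing are not modelled). The abstract register and stack state is a simplification of my own (each address is visited once, a call is followed into its target and its return is not modelled), and the function names, the `DECODER_STUB` and `COUNTED_LOOP` byte strings, and the placeholder bytes they contain are all constructed for the demonstration.

```python
"""Added example (not the patent's own implementation): a tiny x86-32 decoder, an
execution-path builder, and the three findings from the abstract.  All input byte
strings below are constructed for the demonstration."""
from collections import namedtuple

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# dst/src: register name, ("imm", n) or None; mem: base register of a memory operand
Instr = namedtuple("Instr", "addr size mnem dst src mem target")

def _modrm(buf, i):
    """Return (reg field, register operand, memory base, bytes used); None if SIB/disp32-only."""
    if i >= len(buf):
        return None
    mod, reg, rm = buf[i] >> 6, (buf[i] >> 3) & 7, buf[i] & 7
    if mod == 3:
        return reg, REGS[rm], None, 1
    if rm == 4 or (mod == 0 and rm == 5):
        return None
    return reg, None, REGS[rm], 1 + {0: 0, 1: 1, 2: 4}[mod]

def decode(buf, pc):
    """Decode one instruction at pc; None for unsupported or truncated bytes."""
    if not 0 <= pc < len(buf):
        return None
    op, end = buf[pc], len(buf)
    if 0x40 <= op <= 0x5F:                                # inc/dec/push/pop r32
        return Instr(pc, 1, ("inc", "dec", "push", "pop")[(op - 0x40) >> 3], REGS[op & 7], None, None, None)
    if 0xB8 <= op <= 0xBF and pc + 5 <= end:              # mov r32, imm32
        return Instr(pc, 5, "mov", REGS[op & 7], ("imm", int.from_bytes(buf[pc + 1:pc + 5], "little")), None, None)
    if op in (0xE8, 0xEB, 0xE2, *range(0x70, 0x80)) and pc + (5 if op == 0xE8 else 2) <= end:
        w = 4 if op == 0xE8 else 1                        # call rel32 / jmp, loop, jcc rel8
        target = pc + 1 + w + int.from_bytes(buf[pc + 1:pc + 1 + w], "little", signed=True)
        mnem = {0xE8: "call", 0xEB: "jmp", 0xE2: "loop"}.get(op, "jcc")
        return Instr(pc, 1 + w, mnem, "ecx" if op == 0xE2 else None, None, None, target)  # loop = dec ecx; jnz
    m = _modrm(buf, pc + 1)
    if m and op in (0x01, 0x29, 0x30, 0x31):              # add/sub/xor r/m, r
        reg, rreg, base, sz = m
        return Instr(pc, 1 + sz, {0x01: "add", 0x29: "sub"}.get(op, "xor"), rreg, REGS[reg], base, None)
    if m and op in (0x80, 0x83) and m[0] in (0, 5, 6) and pc + 2 + m[3] <= end:  # add/sub/xor r/m, imm8
        reg, rreg, base, sz = m
        return Instr(pc, 2 + sz, {0: "add", 5: "sub", 6: "xor"}[reg], rreg, ("imm", buf[pc + 1 + sz]), base, None)
    return None

def build_path(buf, start=0):
    """Follow control flow from start, exploring both arms of every conditional branch."""
    path, loops, seen, work = [], [], set(), [start]
    while work:
        pc = work.pop()
        while pc not in seen and (ins := decode(buf, pc)) is not None:
            seen.add(pc)
            path.append(ins)
            if ins.mnem in ("jcc", "loop"):               # a backward edge marks a loop body
                if ins.target < pc:
                    loops.append((ins.target, pc))
                work.append(ins.target)
            pc = ins.target if ins.mnem in ("jmp", "call") else pc + ins.size
    return path, loops

def analyze(buf, start=0):
    """Scan the execution path with an abstract register/stack state for the three findings."""
    path, loops = build_path(buf, start)
    regs, stack, ever_loc = {r: None for r in REGS}, [], set()
    found = {"incremented_location": set(), "self_modifying": set(), "loop_index": set()}
    for ins in path:
        m, r = ins.mnem, ins.dst
        if m == "call":                                   # the pushed return address is a code location
            stack.append(("loc", ins.addr + ins.size))
        elif m == "pop":
            regs[r] = stack.pop() if stack else None
        elif m == "mov":
            regs[r] = ins.src
        elif m in ("inc", "dec", "add", "sub", "xor", "loop"):
            if ins.mem in ever_loc:                       # memory op through a (former) location register
                found["self_modifying"].add(ins.addr)
            elif r and regs[r] and regs[r][0] == "loc" and m in ("inc", "add"):
                found["incremented_location"].add(r)
            elif r and m in ("inc", "dec", "loop") and any(lo <= ins.addr <= hi for lo, hi in loops):
                found["loop_index"].add(r)
        ever_loc.update(k for k, v in regs.items() if v and v[0] == "loc")
    return found

def should_block(buf, start=0):
    f = analyze(buf, start)   # block only when all three findings are present
    return bool(f["incremented_location"] and f["self_modifying"] and f["loop_index"])

# Constructed sample: jump to a call, pop the return address (a location inside the
# block), XOR-decode four placeholder bytes in place, then jump to them.
DECODER_STUB = bytes([
    0xEB, 0x0E,                      # 00: jmp 10
    0x5E,                            # 02: pop esi              ; esi = 15 (return address)
    0xB9, 0x04, 0x00, 0x00, 0x00,    # 03: mov ecx, 4
    0x80, 0x36, 0xAA, 0x46,          # 08: xor byte [esi], 0xAA ; 0B: inc esi
    0xE2, 0xFA, 0xEB, 0x05,          # 0C: loop 08              ; 0E: jmp 15
    0xE8, 0xED, 0xFF, 0xFF, 0xFF,    # 10: call 02
    0x3A, 0x3A, 0x3A, 0x3A,          # 15: placeholder bytes (each is 0x90 ^ 0xAA)
])
COUNTED_LOOP = bytes([0xB9, 0x03, 0x00, 0x00, 0x00, 0x49, 0x75, 0xFD])  # constructed benign: mov ecx,3; dec; jnz

if __name__ == "__main__":
    for name, blob in (("decoder stub", DECODER_STUB), ("counted loop", COUNTED_LOOP), ("text", b"hello world")):
        print(f"{name}: {analyze(blob)} -> {'block' if should_block(blob) else 'allow'}")
```

The benign control case matters as much as the positive one: a plain counted loop trips only the loop-index check, and ordinary text decodes to nothing at all, so neither is blocked. The verdict is conjunctive because the abstract orders the checks as a sequence that ends in blocking only once the modified loop index is found after the other two artifacts.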